3 matches found
CVE-2024-45811 server.fs.deny bypassed when using ?import&raw in vite
Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. @fs denies access to files outside of Vite serving allow list. Adding ?import&raw to the URL bypasses this limitation and returns the file content if it...
CVE-2024-31207
Vite French word for "quick", pronounced /vit/, like "veet" is a frontend build tooling to improve the frontend development experience.server.fs.deny does not deny requests for patterns with directories. This vulnerability has been patched in versions 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.1...
CVE-2024-31207 Vite's `server.fs.deny` did not deny requests for patterns with directories
Vite French word for "quick", pronounced /vit/, like "veet" is a frontend build tooling to improve the frontend development experience.server.fs.deny does not deny requests for patterns with directories. This vulnerability has been patched in versions 5.2.6, 5.1.7, 5.0.13, 4.5.3, 3.2.10 and 2.9.1...